How to Unlock User Accounts with PowerShell
In this post I will show you how to quickly unlock User accounts with PowerShell. On a daily basis many admins use the Active Directory users and computers to unlock users accounts. This is because they either find it easy or maybe using PowerShell is too complex for them.
So if you get to know that an user account is locked, how do you unlock an account using ADUC ?. You launch ADUC first, find the user, right click user account and click Properties. And then under Account tab, you select Unlock Account.
However using PowerShell you can unlock user accounts much quicker than usual method. In this post I have included examples for finding the account locked status and unlocking a single user account. In addition to that I have also included information on unlocking all locked user accounts at once.
Prerequisites
- Since we are going to use the PowerShell to unlock AD accounts, ensure you install the Active Directory module first.
- You need not login to domain controller to unlock an account. Install the RSAT tools on the computer so that you can run the commands from your computer.
- On a Windows Server, you can install Active Directory module for Windows PowerShell feature via Server Manager > Features. You can also use Add-WindowsFeature RSAT-AD-Powershell command.
Unlock-ADAccount cmdlet
The Unlock-ADAccount cmdlet is the one that we will use to unlock user accounts in active directory. The Unlock-ADAccount cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked.
Install Active Directory Module for PowerShell
ActiveDirectory isn’t actually available from any default repositories, and is now part of the RSAT windows features. To install the Active Directory module, start PowerShell in an elevated prompt and run the below command.
Add-WindowsFeature RSAT-AD-Powershell
Confirm AD User Account Lockout
We have installed Active Directory PowerShell module. Run the below command to display account lockout status of specific user account.
Get-ADUser -Identity 'username' -Properties LockedOut | Select-Object Name,Lockedout
As per the below screenshot, an user account is locked. The LockedOut status True means the account is locked.
Unlock User Accounts with PowerShell command Unlock-ADAccount
To unlock user accounts with PowerShell, run the below PowerShell command.
Unlock-ADAccount -Identity 'username'
After you run the above command, run the Get-ADUser command again to verify if the account is unlocked.
The Lockedout status for user name Prajwal shows False meaning, it isn’t locked.
Find All Locked AD User Accounts using PowerShell
In the above examples we executed the Get-ADuser command to find the account lock status for a specific user. How about running a single PowerShell command to find all the user accounts that are locked in your AD.
Search-ADAccount -lockedout | Select-Object Name, SamAccountName
Running the above command lists all the user accounts that are locked. I have got two accounts that are currently locked.
Unlock User Accounts with PowerShell
In the above step we found all the accounts in our AD that are locked. To unlock user accounts with PowerShell, you can run the below PowerShell command.
Search-ADAccount -Lockedout | Unlock-AdAccount
Finally run the below command to confirm if all the user accounts are now unlocked. If you don’t see any results, it means no user accounts are locked.
Search-ADAccount -lockedout | Select-Object Name, SamAccountName
Need more help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.